Finding the Needle in the NBEstack

I’m a huge fan of the Nessus vulnerability scanner. It’s got plug-ins for anything you could ask for, runs great in a Linux environment, and outputs a ton of information (thanks to thousands and thousands of checks). While all that information is a good thing, sometimes you are just looking for specific issues or findings across a network. A quick way I like to strip out interesting information is grepping through the output files for certain Nessus ID’s. Here is a quick list of interesting plug-ins:

16314 – Lists suspicious and unwanted software.
36217 – Detection of the Conficker worm.
23938 – Locates Cisco routers with missing / default passwords.
38153 – A nice summary of missing Microsoft patches.
11936 – Identification details about the machines OS.
10673 – Locates SQL servers with default / blank SA accounts.
10396 – Details about SMB shares.
23910 – Locates modified HOSTS files – can be an indication of a virus or malware.

To search for these, I usually do a quick grep nessus-id *.nbe and then use cut with custom delimiters to filter out the IP addresses and other pertinent information.

Netsparker Community Edition – “The Sparkler”

Managing Windows User Accounts via the Commandline

Information Security : Tracking Spam Origins

Leave a Reply Cancel comment reply